Cookie policy notice

By continuing to use this site you agree to our cookies policy below:
Since 26 May 2011, the law now states that cookies on websites can ony be used with your specific consent. Cookies allow us to ensure that you enjoy the best browsing experience.

But NHS England told Pulse only patients and authorised carers will have access to online records, adding that practices must verify patients’ identities and explain the relevant safeguards.

Speaking today at a London event on NHS IT, Ms Monaghan said the ICO currently sees ‘very few malicious security issues’ in the healthcare sector but that she expected this to ‘come up the pile’.

She said: ‘We see very few [breaches] that are, what you would call “malicious security issues”; where somebody deliberately breaches password protocols, cybercrime, those sorts of things… within the health sector.

She added: ‘I would suggest the cyber-security side of things, the ID-theft side of things, will start to come up the pile in health when we get proper online access to patient records. That is a real danger, and that is where security by design and security in an organised way come in.’

NHS England’s director of strategic systems and technology, Beverley Bryant, said: ‘Practices are required to check and verify people’s identify [sic] before issuing access credentials and guidance has been made available to them through NHS England and the RCGP. In addition, practices should make patients aware of their responsibilities and safeguards they should apply when accessing their records.’

Having access to someone`s medical notes would help potential (unscruplous) employers, suspcious (abusive) spouses and also blackmailers, hackers, Newspapers etc etc.Presently the the access to medical records is via a login and password which is static. Banks have moved onto mutilevel security- password and a pin generator and also have active IP address filtering, threat management and also call back if any suspicious activity .The present system would enable any script kiddie with a keylogger to retrive the user ID and password and check their summary care record and very likely patient may never know this happened! Also if a controlling person is checking for their BF/GF/spouse/offfspring`s records , the vulnerable person may never come to their GP as the other person maybe able to find out if the summary care record has been updated recently!Hopefully the responsibility for any security breach is that of the government and not the GP`s who are now legally bound to make these available.

There are already many Data Protection Act 1998 abuses against doctors: secret files held by regulators (complaints against doctors which GMC does not disclose to doctors), inaccurate medical records of doctors as a revenge (professional rivalry, for example).As one of my friends said: 'While French are revolting, English stand in the queue waiting for their turn'. It is high time, doctors did something about it by taking it to European courts.